By Lisa Autz
Photo courtesy of Yuri Samoilov.
Cyber criminals are getting smarter. With 85,000 new malicious IP addresses launched every day, cyber crimes are being conducted in an increasingly sophisticated manner.
The data about dangerous IPs is but one of many computer-crime measurements recorded in a new report by the intelligence and security company, Webroot. The Webroot 2015 Threat Brief revealed alarming criminal hacking trends from information collected from tens of millions of the company’s users.
Michael Malloy, Executive VP of Products and Strategy at Webroot, spoke with BTR about the study’s findings and the steps necessary to protect computer information.
BreakThru Radio (BTR): The report finds that the United States accounts for 31 percent of malicious IP addresses, followed by China with 23 percent, and Russia with 10 percent. Why do you think most cyber attacks on companies in the US originate from inside the country rather than outside it?
Michael Malloy (MM): I think there [are] a couple reasons. One reason is that the cyber criminals will try and look like they originate from within the country they are attacking. [Oftentimes,] corporations have security software that can identify the source of an attack based on its IP address. They will immediately be alerted if computers within their company are communicating with countries they don’t normally do business with.
If you are a US company and suddenly you’re seeing traffic from some country you just never do business with, your security team is going to be on alert. So as a hacker, what you want to do is make sure you look like you’re from the US and so there wouldn’t be any immediate notice taken that you’re trying to break in.
So you would host your point of attack, whatever that might be, an email or incoming network traffic, you’d host that in the United States, either in the cloud or some web hosting service of some kind.
The other reason is actually, there are a lot of hackers in the United States. There are cyber-criminals all over the world. It’s a very sophisticated, very well organized criminal business [that’s] one of the fastest growing industries in the world. It will be a 120 billion dollar industry in the next couple of years and it attracts people from all nations.
BTR: Were you surprised to find out that 900 phishing attempts were identified per financial institution and more than 9,000 per technology company?
MM: At first I was completely amazed by that number because in the past five years, since phishing has really become a dominant approach to hacking, almost all the countries being impersonated were financial institutions. There were a few others but it was mostly sites impersonating the big 10 banks.
Phishing, for example, is the link that says, “Please log in to your bank, there has been some unusual activity in your account. Please log in, click here to get into bankofamerica.com.” [When] you log in, you are actually redirected to bankofamerica.com, but by then they have already gotten your information.
[But] in the past year or so… primary attacks like these [happen] to Google, Yahoo, Facebook, Apple, and some other social media apps. The [strategy] makes sense from a number of points of view. Your Google password and your Yahoo passwords can actually be used as the password for a lot of different accounts.
When I read the study, I went and looked at my own Google account and I saw that my Google login was used in six other applications. So if [hackers] gain access to someone’s Facebook or Google account then that also gives them access to a lot of other sites and those sites could be used for financial gain.
[Additionally] these are social [media] sites so, if I gain access to your Facebook or Twitter account, I also have a way to access information from all your friends and followers and I could use that for more phishing attacks.
BTR: Who do you believe are the main perpetrators of these crimes?
MM: I think it’s criminal businesses. I don’t think we should think these are two guys in a dorm room eating pizza and having fun.
These are companies whose business happens to be cybercrime and they make money on it. They can sell these login credentials, they can sell credit card information, they can use your Facebook account to buy things and monetize it through gains. They put together very sophisticated chains of activity, working with other specialist criminal teams to [form] a pretty sophisticated chain of attacks.
BTR: Has there been any growing trend with the amount of phishing and cyber attacks in the past decades?
MM: If you’re a large company you are getting targeted in different kinds of ways. Even phishing goes to a new level if you are working for a large corporation who’s going to be a target. They wouldn’t just send out tens of thousands of emails and expect to get important login information to one of the large banks.
[They] do what’s called “spear phishing.” They would target individual executives and learn about them so that any message from them would look absolutely genuine. Then they would create a very personalized attack with the objective of gaining their log in information.
Especially targeted are IT people within large corporations, because if I gain the administrators’ login at a corporation then I have access to all the data and may not even [leave] traces that I was there.
BTR: What are the necessary steps to take in order for home users and companies to become more aware and protective of information from cyber attacks?
MM: Don’t believe or click things in your emails even if it seems like it is coming from your bank. Install a good anti-virus, anti-malware, and anti-phishing program.